FortiClient

From Leo's Notes
Last edited on 7 November 2023, at 23:40.

Fortinet is a proprietary VPN solution. Users connect to this VPN solution using the FortiClient VPN client software.

The University of Calgary uses Fortinet VPN and has mandated multi-factor authentication (MFA) as a requirement since mid-2021.

This page goes over some notes on using this VPN software and open source alternatives.

Linux

The official FortiClient VPN client may not be desirable in some situations, especially since the software may include other unwanted packages such as a virus or malware scanner.

There is an open source project to connect to Fortinet VPNs called OpenFortiVPN: https://github.com/adrienverge/openfortivpn.

OpenFortiVPN

OpenFortiVPN is available in the Fedora repository. Install it through dnf/yum:

# yum install -y openfortivpn

After installing, configure the /etc/openfortivpn/config file and connect to the VPN like so:

# openfortivpn itv2.ucalgary.ca:10443 --username=xyz
VPN account password:
INFO:    Connected to gateway.
...

MFA support

OpenFortiVPN does not handle MFA (or a SAML-based authentication system). To work with such an authentication backend, you'll have to use OpenFortiVPN-webview: https://github.com/gm-vm/openfortivpn-webview

This program will let you log in and generate a session token, which you can then use with OpenFortiVPN to connect to the VPN.
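The token hand-off described above, as an added example (not part of the original notes or of either project's code). It assumes openfortivpn-webview prints the session cookie to stdout as a line of the form SVPNCOOKIE=... and that the installed openfortivpn supports --cookie-on-stdin; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: log in through openfortivpn-webview (SAML/MFA), then pass
# the session cookie to openfortivpn on stdin so it never appears in argv,
# shell history or `ps` output. The cookie is a bearer credential.

GATEWAY="itv2.ucalgary.ca:10443"   # gateway used elsewhere on this page

# extract_cookie (hypothetical helper): read webview output on stdin and
# print the first SVPNCOOKIE=... line. Returns 1 if there is no such line,
# the value is empty, or the line contains a space (assumed output format).
extract_cookie() {
    cookie=$(grep '^SVPNCOOKIE=' | head -n 1)
    case "$cookie" in
        *" "*)          return 1 ;;   # malformed: unexpected whitespace
        SVPNCOOKIE=?*)  ;;            # prefix plus a non-empty value
        *)              return 1 ;;   # login cancelled or no cookie
    esac
    printf '%s\n' "$cookie"
}

# connect_vpn (hypothetical helper): run the browser login, validate the
# result, and start the tunnel only if a cookie was actually obtained.
connect_vpn() {
    cookie=$(openfortivpn-webview "$GATEWAY" 2>/dev/null | extract_cookie) || {
        echo "no session cookie obtained; not starting openfortivpn" >&2
        return 1
    }
    printf '%s\n' "$cookie" | sudo openfortivpn "$GATEWAY" --cookie-on-stdin
}

# Only connect when asked to, e.g.:  sh vpn-mfa.sh connect
if [ "${1:-}" = "connect" ]; then
    connect_vpn
fi
```

The cookie stays valid until the session ends on the gateway, so avoid writing it to a file or pasting it into a --cookie= argument on a shared machine.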

Windows

Use the official FortiClient Windows App from the Windows Store instead of the official FortiClient software to avoid the unnecessary UI and bloat (such as an unwanted and unneeded virus scanner that cannot be disabled!). This method is no longer supported. The client that's in the Windows Store does not appear to be updated and does not support MFA.

See also

University of Calgary Knowledge base articles on using FortiClient: